[webkit-gtk] Support for PKCS11 / Smartcard?

Michael Catanzaro mcatanzaro at igalia.com
Tue Dec 4 07:28:49 PST 2018

On Mon, Dec 3, 2018 at 8:16 PM, mailto428496 <mailto628496 at cox.net> 
> Michael,
> As you predicted it didn't work for smartcard authentication with 
> WebKit
> (MiniBrowser) (perhaps I was overly optimistic that somehow it would
> magically work ;) and I am not sure how else to test it?  But setting
> the GIO_USE_TLS=gnutls-pkcs11 variable does cause it to start looking 
> at
> smartcard related libraries.  So that sounds like there is hope that 
> it
> would work after you got the client authentication working, that I
> assume would interface with whatever gnutls-pkcs11 provided?  Any idea
> when that might happen?  Also, it seems like it would be useful to 
> leave
> the pkcs11 code around that you had recently removed ;)

That's what we need to figure out. Maybe you could do the same thing 
with glib-networking 2.58 (e.g. in Fedora 29) and see if the smartcard 
libraries are still being used? I think it should still be used, just 
via GnuTLS rather than via gnutls-pkcs11. Not sure.

> Let me know if you have any ideas on how to test the glib-networking
> without WebKit, I am just not sure what else smartcard auth related
> would use it?

I'll ask around and see if someone has ideas.

> Also, this might be a long shot, but how hard would it be to get 
> WebKit
> to redirect to another browser like firefox that could do the auth, or
> is the WebKit API just too specific for that to ever work?  For fun I
> actually linked WebKitWebProcess to firefox and it does pop up 
> firefox,
> but not surprisingly none of the information gets passed.

Hehe, there's no way to make that work, indeed.

We just need to fix https://bugs.webkit.org/show_bug.cgi?id=164509. It 
shouldn't be too hard and it's on my TODO. I can't promise when I'll 
get to it, though.


More information about the webkit-gtk mailing list